AWS Audit Manager generative AI best practices framework now includes Amazon SageMaker

Posted on: Jun 11, 2024

Available today, the AWS Audit Manager generative AI best practices framework now includes Amazon SageMaker in addition to Amazon Bedrock. Customers can use this prebuilt standard framework to gain visibility into how their generative AI implementation on SageMaker or Amazon Bedrock follows AWS recommended best practices and start auditing their generative AI usage and automating evidence collection. The framework provides a consistent approach for tracking AI model usage and permissions, flagging sensitive data, and alerting on issues.

This framework includes 110 controls across areas such as governance, data security, privacy, incident management, and business continuity planning. Customers can select and customize controls to structure automated assessments. For example, customers seeking to mitigate known biases before feeding data into their model can use the ‘Pre-processing Techniques’ control to require evidence of validation criteria including documentation of data augmentation, re-weighting, or re-sampling. Similarly, customers can use the 'Bias and Ethics Training' control to upload documentation demonstrating that their workforce is trained to address ethical considerations and AI bias in the model.


The framework was developed by AWS experts in AI, compliance, and security assurance in 2023 with additional review by global audit and assurance firm Deloitte, an AWS Partner. Now updated to include data source mappings for Amazon SageMaker, it is available in all AWS Regions where Amazon Bedrock and Amazon SageMaker are available. Simply select ‘generative AI best practices framework v2’ in the AWS Audit Manager framework library. To learn more, visit the user documentation or the AWS News blog post.